List and delete active tokens (server)
This commit is contained in:
parent
9fca036edb
commit
487d538503
@ -1,6 +1,7 @@
package com.sismics.docs.core.dao.jpa;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import javax.persistence.EntityManager;
@ -96,4 +97,31 @@ public class AuthenticationTokenDao {
q.setParameter("id", id);
q.executeUpdate();
}
/**
* Returns all authentication tokens of an user.
*
* @param userId
* @return
*/
@SuppressWarnings("unchecked")
public List<AuthenticationToken> getByUserId(String userId) {
EntityManager em = ThreadLocalContext.get().getEntityManager();
Query q = em.createQuery("select a from AuthenticationToken a where a.userId = :userId");
q.setParameter("userId", userId);
return q.getResultList();
}
/**
* Deletes all authentication tokens of an user.
*
* @param userId
*/
public void deleteByUserId(String userId, String id) {
EntityManager em = ThreadLocalContext.get().getEntityManager();
Query q = em.createQuery("delete AuthenticationToken a where a.userId = :userId and a.id != :id");
q.setParameter("userId", userId);
q.setParameter("id", id);
q.executeUpdate();
}
}
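Review bot: The Javadoc on `deleteByUserId` at the end of this hunk says it deletes all authentication tokens of a user and documents only `userId`, yet the query spares the row whose id equals the undocumented second parameter (`a.id != :id`), so the method is really "delete every token except one" and a caller reading the doc alone would not know it must pass its own session token or it revokes itself. I would change the summary to `Deletes all authentication tokens of a user except the given one.` and add `@param id ID of the authentication token to keep (the caller's current session)`; a name such as `deleteByUserIdExcept` would also make the call site read correctly, but the doc fix is the minimum. Worth stating as well that a null `id` binding makes the `!=` comparison unknown under SQL three-valued logic, so the statement would most likely delete nothing rather than everything — either document that or reject null up front with `Objects.requireNonNull(id, "id")`, depending on what callers guarantee.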
@ -91,12 +91,8 @@ public class FileDao {
@SuppressWarnings("unchecked")
public List<File> getByDocumentId(String documentId) {
EntityManager em = ThreadLocalContext.get().getEntityManager();
// Get the files
Query q = em.createQuery("select f from File f where f.documentId = :documentId and f.deleteDate is null");
q.setParameter("documentId", documentId);
List<File> files = (List<File>) q.getResultList();
return files;
return q.getResultList();
}
}
@ -1,4 +1,4 @@
- List opened sessions and ability to close them (client/server)
- List opened sessions and ability to close them (client)
- Display logs (client)
- Reordering files and add new files to the end (server)
- Tag stats (client/server)
@ -417,6 +417,7 @@ public class UserResource extends BaseResource {
response.put("status", "ok");
return Response.ok().entity(response).build();
}
/**
* Returns the information about the connected user.
*
@ -532,4 +533,70 @@ public class UserResource extends BaseResource {
return Response.ok().entity(response).build();
}
/**
* Returns all active sessions.
*
* @return Response
* @throws JSONException
*/
@GET
@Path("session")
@Produces(MediaType.APPLICATION_JSON)
public Response session() throws JSONException {
if (!authenticate()) {
throw new ForbiddenClientException();
}
JSONObject response = new JSONObject();
List<JSONObject> sessions = new ArrayList<JSONObject>();
AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
for (AuthenticationToken authenticationToken : authenticationTokenDao.getByUserId(principal.getId())) {
JSONObject session = new JSONObject();
session.put("create_date", authenticationToken.getCreationDate().getTime());
if (authenticationToken.getLastConnectionDate() != null) {
session.put("last_connection_date", authenticationToken.getLastConnectionDate().getTime());
}
sessions.add(session);
}
response.put("sessions", sessions);
return Response.ok().entity(response).build();
}
/**
* Deletes all active sessions except the one used for this request.
*
* @return Response
* @throws JSONException
*/
@DELETE
@Path("session")
@Produces(MediaType.APPLICATION_JSON)
public Response deleteSession() throws JSONException {
if (!authenticate()) {
throw new ForbiddenClientException();
}
// Get the value of the session token
String authToken = null;
if (request.getCookies() != null) {
for (Cookie cookie : request.getCookies()) {
if (TokenBasedSecurityFilter.COOKIE_NAME.equals(cookie.getName())) {
authToken = cookie.getValue();
}
}
}
// Remove other tokens
AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
authenticationTokenDao.deleteByUserId(principal.getId(), authToken);
// Always return ok
JSONObject response = new JSONObject();
response.put("status", "ok");
return Response.ok().entity(response).build();
}
}
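Review bot: In `deleteSession`, `authToken` stays null when no cookie named `TokenBasedSecurityFilter.COOKIE_NAME` is present, and that null goes straight into `deleteByUserId`, whose `a.id != :id` predicate evaluates to unknown for a null binding — the request would then most likely revoke nothing while still answering `"status": "ok"`, a silent failure for a security action. A guard before the DAO call makes the outcome explicit, e.g. `if (authToken == null) { throw new ForbiddenClientException(); }`; if an authenticated caller without that cookie is actually possible, the alternative is to deliberately delete every token for the user and say so in the Javadoc. The cookie loop also keeps the last cookie with that name rather than the first, so if `TokenBasedSecurityFilter` resolves a different one when several share the name (different path or domain) the session spared here would not be the one that authenticated the request — I cannot see the filter, so the selection rule just needs to match it. The `session` listing exposes only timestamps and not token ids, which is right, but nothing marks which entry is the caller's own session; a `current` flag derived from the same cookie value would let the client show that.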
@ -137,9 +137,32 @@ public class TestUserResource extends BaseJerseyTest {
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
String aliceAuthToken = clientUtil.getAuthenticationCookie(response);
// Login user bob
// Login user bob twice
String bobAuthToken = clientUtil.login("bob");
String bobAuthToken2 = clientUtil.login("bob");
// List sessions
userResource = resource().path("/user/session");
userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken));
response = userResource.get(ClientResponse.class);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
json = response.getEntity(JSONObject.class);
Assert.assertTrue(json.getJSONArray("sessions").length() > 0);
// Delete all sessions
userResource = resource().path("/user/session");
userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken));
response = userResource.delete(ClientResponse.class);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
// Check bob user information with token 2 (just deleted)
userResource = resource().path("/user");
userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken2));
response = userResource.get(ClientResponse.class);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
json = response.getEntity(JSONObject.class);
Assert.assertEquals(true, json.getBoolean("anonymous"));
// Check alice user information
userResource = resource().path("/user");
userResource.addFilter(new CookieAuthenticationFilter(aliceAuthToken));
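Review bot: The test never verifies the property the endpoint is named for — that the session used for the DELETE survives: after `// Delete all sessions` it checks only that `bobAuthToken2` is now anonymous, and the hunk ends with the alice check without exercising `bobAuthToken` again (unless that happens further down, which I cannot see). A regression that revokes every token of the user, for example when the token id passed to the DAO is null, would currently pass, so I would add a GET on `/user` with `bobAuthToken` right after the `bobAuthToken2` assertions. The listing assertion `Assert.assertTrue(json.getJSONArray("sessions").length() > 0)` is also weak given bob was just logged in twice; `Assert.assertTrue(json.getJSONArray("sessions").length() >= 2)` pins what the two logins must produce while tolerating tokens left by earlier tests in the same class.
```java
// … unchanged: delete all sessions, bobAuthToken2 anonymous check …
// Check bob user information with token 1 (the session that issued the delete must survive)
userResource = resource().path("/user");
userResource.addFilter(new CookieAuthenticationFilter(bobAuthToken));
response = userResource.get(ClientResponse.class);
Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
json = response.getEntity(JSONObject.class);
Assert.assertEquals(false, json.getBoolean("anonymous"));
// … unchanged: alice check …
```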